jack/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
infra/roles
History
jack e935c897c6
Some checks failed
CI/CD / syntax-check (push) Successful in 58s
Details
CI/CD / deploy (push) Failing after 43s
Details
feat: Cloudflare integration — real IP forwarding + firewall lockdown 
Traefik traefik.yml.j2:
- Add forwardedHeaders.trustedIPs with all Cloudflare CIDR ranges
  on both web and websecure entrypoints so rate limiting and
  CrowdSec see real visitor IPs, not Cloudflare proxy IPs

firewall.yml:
- Replace open HTTP/HTTPS rules with per-CIDR allow rules
  scoped to Cloudflare IP ranges only
- Direct access to ports 80/443 bypassing Cloudflare is now blocked

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-22 04:02:06 +07:00
..
backup feat: Timeweb S3 offsite backup uploads 2026-03-22 03:58:58 +07:00
base feat: Cloudflare integration — real IP forwarding + firewall lockdown 2026-03-22 04:02:06 +07:00
docker Initial commit 2026-03-20 19:39:26 +07:00
services feat: Cloudflare integration — real IP forwarding + firewall lockdown 2026-03-22 04:02:06 +07:00